The extra hop adds a significant barrier for the website in knowing the actual source IP. The fake source IP is likely used by many other users, and the user you are trying to track can easily rotate VPN IPs.

Its one less identifier for them to use.

[–] Mordikan@kbin.earth 13 points 4 days ago (1 children)

Adtech relies on the OpenRTB 2.5/2.6 spec for tracking, you would have removed 1 identifier out of a hundred (one that isn't really used anyway given SSAI is so popular). In addition to that, cookie expiry timers are typically set to 365 days meaning you're VPN would need to enabled at all times to not invalidate multi-hop. WebStorage API based trackers tend to be indefinite.

ORTB spec: https://www.iab.com/wp-content/uploads/2016/03/OpenRTB-API-Specification-Version-2-5-FINAL.pdf

EDIT: If anyone is looking for more specifics about WHY IP addresses and multi-hop don't matter, the spec includes a mention:

BEST PRACTICE: Proper device IP detection in mobile is not straightforward. Typically it involves starting at the left of the x-forwarded-for header, skipping private carrier networks (e.g., 10.x.x.x or 192.x.x.x), and possibly scanning for known carrier IP ranges. Exchanges are urged to research and implement this feature carefully when presenting device IP values to bidders.

The issue is that mobile is so prevalent and mobile networks rely so extensively on CG-NAT that even with XFF headers, there's no good way to tell if you are going to get an IP address that actually matters. You could potentially put in a lot of auction time trying to figure that out and still just end up with a private address that's unusable. So, aside from the devicetype and the geo object which is used for geo targets and fencing, the device object isn't useful in tracking. Instead adtech uses the user object. This object should contain all your GDPR specifics, any EIDs, 1st party cookie IDs, etc. Even if those change, there usually exists backend mapping that allows for vendors to correlate different user IDs as being the same user ultimately.

[–] unhrpetby@sh.itjust.works -1 points 4 days ago (2 children)

...specifics about WHY IP addresses and multi-hop don't matter.

...you would have removed 1 identifier...

So it can matter.

[–] protogen420@lemmy.blahaj.zone 4 points 4 days ago (1 children)

barely, efectively meaningless

[–] Mordikan@kbin.earth 3 points 4 days ago (1 children)

Yeah, multi-hop is pointless for tracking. The logic to it is crazy too. People think VPNs make them anonymous (they don't), but they also think multi-hop makes them MORE anonymous. So anonymity is kind of an absolute concept. Either you are or you are not anonymous. You can't be more anonymous than anonymous. There is no +1.

[–] unhrpetby@sh.itjust.works 2 points 3 days ago (1 children)

Yeah, multi-hop is pointless for tracking.

The logic to it is crazy too. People think VPNs make them anonymous (they don't), but they also think multi-hop makes them MORE anonymous.

Whether multi-hop matters to tracking is far and away a different discussion than whether multi-hop "makes you anonymous".

I too disagree with the original comment, but also believe the pendulum swung too far the other direction in your replies.

Situations differ. Threat models differ. More hops can, from direct personal experience, make the difference in tracking. Your claim of "...multi-hop is pointless for tracking." has too broad of a scope to be correct.

[–] Mordikan@kbin.earth 2 points 3 days ago (1 children)

What specifically about multi-hop makes you think it improves your security? Be specific. What is your "direct personal experience"?

[–] unhrpetby@sh.itjust.works 1 points 2 days ago (2 children)

What specifically about multi-hop makes you think it improves your security?

I haven't mentioned security.

[–] protogen420@lemmy.blahaj.zone 1 points 3 hours ago

if your security breaks, so does your privacy alongside it

[–] Mordikan@kbin.earth 1 points 2 days ago (1 children)

I'm sorry, that isn't evidence.

[–] unhrpetby@sh.itjust.works 1 points 2 days ago

I'm unsure what evidence you are referring to.

[–] Mordikan@kbin.earth 3 points 4 days ago (1 children)

So it can matter.

Remember to read the rest of that sentence:

1 identifier out of a hundred (one that isn't really used anyway given SSAI is so popular).

So, no. Not really.

[–] unhrpetby@sh.itjust.works 1 points 3 days ago (1 children)

Remember to read the rest of that sentence:

It doesn't change the contradiction.

[–] Mordikan@kbin.earth 1 points 3 days ago (1 children)

You almost had the rest of the sentence there:

one that isn't really used anyway given SSAI is so popular

[–] unhrpetby@sh.itjust.works 1 points 3 days ago (1 children)

You almost had the rest of the sentence there:

That doesn't change the contradiction.

[–] Mordikan@kbin.earth 2 points 3 days ago (1 children)

You're trying to argue without evidence (like I had provided). To summarize these exchange so far its:

You giving some marketing crap you read from a VPN provider site on their multi-hop service.
Someone pointing out that it is incorrect with evidence.
You get mad and basically come back with "Nuh-uh!"

Is there some evidence you'd like to provide or is it going to be another "nuh-uh!"?

[–] unhrpetby@sh.itjust.works 1 points 2 days ago (1 children)

You giving some marketing crap you read from a VPN provider site on their multi-hop service.

I'm sorry, but that isn't correct.

[–] Mordikan@kbin.earth 2 points 2 days ago (1 children)

I'm sorry, but that isn't evidence.

[–] unhrpetby@sh.itjust.works 1 points 2 days ago (1 children)

I'm unsure what evidence you are referring to.

[–] Mordikan@kbin.earth 1 points 2 days ago

Threat models differ. More hops can, from direct personal experience, make the difference in tracking

Evidence, or it isn't true.

[–] abbadon420@sh.itjust.works 4 points 4 days ago

That is a good point indeed, but also applies for regular internet use..